forked from extern/shorewall_code
Merge branch '4.5.12'
This commit is contained in:
commit
23a188f765
@ -3,7 +3,7 @@
|
||||
#
|
||||
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
|
||||
#
|
||||
# (c) 2007,2008,2009,2010,2011 - Tom Eastep (teastep@shorewall.net)
|
||||
# (c) 2007,2008,2009,2010,2011,2012,2013 - Tom Eastep (teastep@shorewall.net)
|
||||
#
|
||||
# Complete documentation is available at http://shorewall.net
|
||||
#
|
||||
|
@ -3,7 +3,7 @@
|
||||
#
|
||||
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
|
||||
#
|
||||
# (c) 2007,2008,2009,2010,2011,2012 - Tom Eastep (teastep@shorewall.net)
|
||||
# (c) 2007,2008,2009,2010,2011,2012,2013 - Tom Eastep (teastep@shorewall.net)
|
||||
#
|
||||
# Complete documentation is available at http://shorewall.net
|
||||
#
|
||||
@ -1419,9 +1419,20 @@ sub delete_chain_and_references( $ ) {
|
||||
# We're going to delete this chain but first, we must delete all references to it.
|
||||
#
|
||||
my $tableref = $chain_table{$chainref->{table}};
|
||||
my $name1 = $chainref->{name};
|
||||
for ( @{$chainref->{rules}} ) {
|
||||
decrement_reference_count( $tableref->{$_->{target}}, $name1 ) if $_->{target};
|
||||
my $name = $chainref->{name};
|
||||
|
||||
while ( my ( $chain, $references ) = each %{$chainref->{references}} ) {
|
||||
#
|
||||
# Delete all rules from $chain that have $name as their target
|
||||
#
|
||||
my $chain1ref = $tableref->{$chain};
|
||||
$chain1ref->{rules} = [ grep ( ( $_->{target} || '' ) ne $name, @{$chain1ref->{rules}} ) ];
|
||||
}
|
||||
#
|
||||
# Now decrement the reference count of all targets of this chain's rules
|
||||
#
|
||||
for ( grep $_, ( map( $_->{target}, @{$chainref->{rules}} ) ) ) {
|
||||
decrement_reference_count( $tableref->{$_}, $name );
|
||||
}
|
||||
|
||||
delete_chain $chainref;
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
|
||||
#
|
||||
# (c) 2007,2008,2009,2010,2011,2012 - Tom Eastep (teastep@shorewall.net)
|
||||
# (c) 2007,2008,2009,2010,2011,2012,2013 - Tom Eastep (teastep@shorewall.net)
|
||||
#
|
||||
# Complete documentation is available at http://shorewall.net
|
||||
#
|
||||
|
@ -3,7 +3,7 @@
|
||||
#
|
||||
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
|
||||
#
|
||||
# (c) 2007,2008,2009,2010,2011,2012 - Tom Eastep (teastep@shorewall.net)
|
||||
# (c) 2007,2008,2009,2010,2011,2012,2013 - Tom Eastep (teastep@shorewall.net)
|
||||
#
|
||||
# Complete documentation is available at http://shorewall.net
|
||||
#
|
||||
@ -1128,8 +1128,8 @@ sub cleanup() {
|
||||
for ( my $i = @openstack - 1; $i >= 0; $i-- ) {
|
||||
my $istack = $openstack[$i];
|
||||
for ( my $j = ( @$istack - 1 ); $j >= 0; $j-- ) {
|
||||
my $info = $istack->[$j];
|
||||
close $info->[0];
|
||||
my $info = $istack->[$j][0];
|
||||
close $info if $info;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -3,7 +3,7 @@
|
||||
#
|
||||
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
|
||||
#
|
||||
# (c) 2007,2008,2009,2010,2011,2012 - Tom Eastep (teastep@shorewall.net)
|
||||
# (c) 2007,2008,2009,2010,2011,2012,2013 - Tom Eastep (teastep@shorewall.net)
|
||||
#
|
||||
# Complete documentation is available at http://shorewall.net
|
||||
#
|
||||
|
@ -3,7 +3,7 @@
|
||||
#
|
||||
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
|
||||
#
|
||||
# (c) 2007,2008,2009,2010,2011 - Tom Eastep (teastep@shorewall.net)
|
||||
# (c) 2007,2008,2009,2010,2011,2012,2013 - Tom Eastep (teastep@shorewall.net)
|
||||
#
|
||||
# Complete documentation is available at http://shorewall.net
|
||||
#
|
||||
|
@ -3,7 +3,7 @@
|
||||
#
|
||||
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
|
||||
#
|
||||
# (c) 2009,2010,2011 - Tom Eastep (teastep@shorewall.net)
|
||||
# (c) 2009,2010,2011,2012,2013 - Tom Eastep (teastep@shorewall.net)
|
||||
#
|
||||
# Complete documentation is available at http://shorewall.net
|
||||
#
|
||||
|
@ -3,7 +3,7 @@
|
||||
#
|
||||
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
|
||||
#
|
||||
# (c) 2007,2008,2009,2010,2011,2012 - Tom Eastep (teastep@shorewall.net)
|
||||
# (c) 2007,2008,2009,2010,2011,2012,2013 - Tom Eastep (teastep@shorewall.net)
|
||||
#
|
||||
# Complete documentation is available at http://shorewall.net
|
||||
#
|
||||
@ -2385,7 +2385,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) {
|
||||
}
|
||||
|
||||
fatal_error "$basictarget rules are not allowed in the $section SECTION" if $actiontype & ( NATRULE | NONAT );
|
||||
$rule .= "$globals{STATEMATCH} ESTABLISHED" if $section == ESTABLISHED_SECTION;
|
||||
$rule .= "$globals{STATEMATCH} ESTABLISHED " if $section == ESTABLISHED_SECTION;
|
||||
}
|
||||
#
|
||||
# Generate CT rules(s), if any
|
||||
|
@ -3,7 +3,7 @@
|
||||
#
|
||||
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
|
||||
#
|
||||
# (c) 2007,2008,2009,2010,2011 - Tom Eastep (teastep@shorewall.net)
|
||||
# (c) 2007,2008,2009,2010,2011,2012,2013 - Tom Eastep (teastep@shorewall.net)
|
||||
#
|
||||
# Traffic Control is from tc4shorewall Version 0.5
|
||||
# (c) 2005 Arne Bernin <arne@ucbering.de>
|
||||
|
@ -1324,4 +1324,4 @@ clear_firewall() {
|
||||
logger -p kern.info "$g_product Cleared"
|
||||
}
|
||||
|
||||
?endif
|
||||
?endif # IPv6-specific functions.
|
||||
|
@ -18,7 +18,7 @@
|
||||
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2001-2012</year>
|
||||
<year>2001-2013</year>
|
||||
|
||||
<holder>Thomas M. Eastep</holder>
|
||||
</copyright>
|
||||
|
@ -24,7 +24,7 @@
|
||||
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
|
||||
|
||||
<copyright>
|
||||
<year>2001-2009</year>
|
||||
<year>2001-2013</year>
|
||||
|
||||
<holder>Thomas M. Eastep</holder>
|
||||
</copyright>
|
||||
@ -223,10 +223,10 @@
|
||||
<para>This screen shot shows how I configured QoS in a 2.6.16
|
||||
Kernel:</para>
|
||||
|
||||
<graphic align="center" fileref="images/traffic_shaping2.6.png"/>
|
||||
<graphic align="center" fileref="images/traffic_shaping2.6.png" />
|
||||
|
||||
<para>And here's my recommendation for a 2.6.21 kernel:<graphic
|
||||
align="center" fileref="images/traffic_shaping2.6.21.png"/></para>
|
||||
align="center" fileref="images/traffic_shaping2.6.21.png" /></para>
|
||||
</section>
|
||||
|
||||
<section id="Shorewall">
|
||||
@ -497,7 +497,7 @@
|
||||
</itemizedlist>
|
||||
|
||||
<example id="Example0">
|
||||
<title/>
|
||||
<title></title>
|
||||
|
||||
<para>Suppose you are using PPP over Ethernet (DSL) and ppp0 is the
|
||||
interface for this. The device has an outgoing bandwidth of 500kbit
|
||||
@ -1254,7 +1254,7 @@ ppp0 6000kbit 500kbit</programlisting>
|
||||
</itemizedlist>
|
||||
|
||||
<example id="Example1">
|
||||
<title/>
|
||||
<title></title>
|
||||
|
||||
<para>All packets arriving on eth1 should be marked with 1. All
|
||||
packets arriving on eth2 and eth3 should be marked with 2. All packets
|
||||
@ -1268,7 +1268,7 @@ ppp0 6000kbit 500kbit</programlisting>
|
||||
</example>
|
||||
|
||||
<example id="Example2">
|
||||
<title/>
|
||||
<title></title>
|
||||
|
||||
<para>All GRE (protocol 47) packets destined for 155.186.235.151
|
||||
should be marked with 12.</para>
|
||||
@ -1278,7 +1278,7 @@ ppp0 6000kbit 500kbit</programlisting>
|
||||
</example>
|
||||
|
||||
<example id="Example3">
|
||||
<title/>
|
||||
<title></title>
|
||||
|
||||
<para>All SSH request packets originating in 192.168.1.0/24 and
|
||||
destined for 155.186.235.151 should be marked with 22.</para>
|
||||
@ -1288,7 +1288,7 @@ ppp0 6000kbit 500kbit</programlisting>
|
||||
</example>
|
||||
|
||||
<example id="Example4">
|
||||
<title/>
|
||||
<title></title>
|
||||
|
||||
<para>All SSH packets packets going out of the first device in in
|
||||
/etc/shorewall/tcdevices should be assigned to the class with mark
|
||||
@ -1301,7 +1301,7 @@ ppp0 6000kbit 500kbit</programlisting>
|
||||
</example>
|
||||
|
||||
<example id="Example5">
|
||||
<title/>
|
||||
<title></title>
|
||||
|
||||
<para>Mark all ICMP echo traffic with packet mark 1. Mark all peer to
|
||||
peer traffic with packet mark 4.</para>
|
||||
@ -1334,7 +1334,7 @@ SAVE 0.0.0.0/0 0.0.0.0/0 all - - -
|
||||
</example>
|
||||
|
||||
<example>
|
||||
<title/>
|
||||
<title></title>
|
||||
|
||||
<para>Mark all forwarded VOIP connections with connection mark 1 and
|
||||
ensure that all VOIP packets also receive that mark (assumes that
|
||||
|
@ -33,9 +33,11 @@
|
||||
|
||||
<year>2012</year>
|
||||
|
||||
<year>2013</year>
|
||||
|
||||
<holder>Thomas M. Eastep</holder>
|
||||
|
||||
<holder/>
|
||||
<holder></holder>
|
||||
</copyright>
|
||||
|
||||
<legalnotice>
|
||||
@ -163,7 +165,7 @@
|
||||
<para>?ENDIF.</para>
|
||||
</blockquote>
|
||||
|
||||
<para/>
|
||||
<para></para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
|
Loading…
Reference in New Issue
Block a user